MyAbraCadaWeb header.php ma_kw Parameter XSS

medium Nessus Plugin ID 11417

Language:

Synopsis

The remote web server contains a CGI which is vulnerable to a cross- site scripting and a path disclosure issue.

Description

The remote host seems to be running MyAbraCadaWeb. An attacker may use it to perform a cross-site scripting attack on this host, or to reveal the full path to its physical location by sending a malformed request.

Solution

Upgrade to a newer version of this software.

Plugin Details

Severity: Medium

ID: 11417

File Name: MyAbraCadaWeb_XSS.nasl

Version: 1.36

Type: remote

Published: 3/19/2003

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: www/PHP, Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Reference Information

CVE: CVE-2003-1548, CVE-2003-1549

BID: 7126, 7127

CWE: 200, 79